System and Method for Decentralized, Controlled, and Managed Consumer Personal Data

ABSTRACT

The present disclosure provides for a system for protecting personal information data comprising a private blockchain or distributed ledger, comprised of a first plurality of blocks, wherein each of the first plurality of blocks represent a personal data vault for storing personal information data, a public blockchain, comprised of a second plurality of blocks, wherein each of the second plurality of blocks represents a public profile for each user, associating the user of each of the second plurality of blocks with the same user of the first plurality of blocks, and a metadata filtering device, configured to match personal information data from an inputted data stream of personal information data with prestored metadata fields, and producing personal information data tagged with an associated metadata tags.

CLAIM OF PRIORITY

The present continuation application includes subject matter disclosed in and claims priority to PCT application of the same title, filed Mar. 16, 2022 and assigned Serial No. PCT/US22/20636, and to provisional application entitled “System and Method for Decentralized, Controlled, and Managed Consumer Personal Data” filed Mar. 17, 2021 and assigned Ser. No. 63,162.386, describing inventions made by the present inventor, herein incorporated by reference.

OVERVIEW OF THE DISCLOSURE

The present disclosure creates a network of data creators (digital consumers) and data consumers (enterprises) where aggregation of data happens at the source and sharing happens at the synthesis level. This disclosure creates innovation in multiple areas including:

-   -   1) The creation of a personal data vault for the digital         consumer at the source.     -   2) Exchanging the data synthesis instead of raw data for value     -   3) Maintaining privacy, immutability and compliance using a         distributed ledger.

The present disclosure further includes a method establishing an abstraction and filtering of sensitive, personal and secure data between an end-point networked device/interface of a digital consumer(DC) and an end point of a networked device/interface of an Enterprise(EU) through a secure data network management capability the Operating Fabric(OF). The DC registers with the OF obtaining their unique identity obtaining the filtering capability on their end point device/interface, this filtering capability allows the DC to engage digitally across a wide variety of websites and applications providing digital services by the EU to the DC. This filtering capability while filtering out the information that is not essential to the digital transaction between the DC and EU, also obtains a copy of the data footprint that is transmitted into the DC secure Data Vault, in addition all historical information collected and stored by the EU of the DC is automatically downloaded and copied into the secure data vault. This information collecting and storing the historical and transactional data of a DC from the EU creates a holistic copy (or close to) digital footprint of the DC.

The EU to obtain insights about the DC can create a query requesting for data synthesis without the need for a copy of the data. This query gets transmitted to the OF and upon the consent of the DC to share the data synthesis to the EU or the type of, a synthesis (usually a binary value) is created by the DC data vault and transmitted back to the OF. The aggregation of the information collected through this mechanism is sent back to the EU by the OF without the identity or a copy of the data elements.

Digital Enterprises today are challenged with how they will engender digital trust with their digital consumers while both balancing their business growth needs through lean data science and reducing their risks due to data breaches and compliance.

Specifically, these challenges arise due to the current need to purchase and store low quality data from multiple data brokers and aggregators in creating a reverse Consumer 360. The advent of new and evolving regulations triggered by GDPR, CCPA, HIPAA, etc. has made it an immediate priority to drive consumer inclusion. An example of an enterprise customer facing this need, is a healthcare organization's desire to measure the vaccine effectiveness for COVID while respecting digital privacy for the consumer using a smartwatch.

This disclosure focuses on creating a copy of the individual's digital footprint at the source (i.e., personal data vault). This personal data vault will organically create the first Consumer 360 at source using a combination of privacy protocols, metadata and immutability to ensure the quality of the data, is secure and holistic.

This disclosure will for the digital consumer:

-   -   Avoid exfiltration of data-to-data brokers or data aggregators     -   Source/Trickle the historical digital footprint to a personal         data vault     -   Create a complete profile of digital consumers using the meta         data engine (a     -   “Consumer 360”); and     -   Enable the exchange of data synthesis without the identity or         the data elements from the digital consumer to the digital         enterprise.

SUMMARY OF THE DISCLOSURE

In an embodiment of the present disclosure, a system for protecting personal information data comprising: a private blockchain or distributed ledger, comprised of a first plurality of blocks, wherein each of the first plurality of blocks represent a personal data vault for storing personal information data; a public blockchain, comprised of a second plurality of blocks, wherein each of the second plurality of blocks represents a public profile for each user, associating the user of each of the second plurality of blocks with the same user of the first plurality of blocks; and a metadata filtering device, configured to match personal information data from an inputted data stream of personal information data with prestored metadata fields, and producing personal information data tagged with an associated metadata tags.

In an embodiment of the present disclosure, a system where a block from the first plurality of blocks associated with a user of the private blockchain/distributed ledger is further configured to store personal information data for each user as filtered by the metadata tags and the associated metadata tags.

In an embodiment of the present disclosure, a system that restricts access to the personal information data stored in the personal data vault of the user associated with the personal data vault.

In an embodiment of the present disclosure, a method of an enterprise enabling a digital consumer data network registration, comprising the steps of: transmitting a data subject rights request from an enterprise to an application for a digital consumer, receiving a signal from the application for the digital consumer indicating the consumer opts into the subject rights request; creating a private profile based on the signal from the application for the digital consumer; creating a public profile from the application for the digital consumer; registering the public profile with a data network for the enterprise; and setting privacy preferences for the digital consumer based on settings from the application for the digital consumer.

In an embodiment of the present disclosure, a method where the private profile is a block on a private blockchain or distributed ledger.

In an embodiment of the present disclosure, a method where the public profile is a block on a public blockchain.

In an embodiment of the present disclosure, a system for registering a digital consumer data network, comprising: a processor; and a memory operatively coupled to the processor, wherein the memory stores instructions that when executed by the processor cause the processor to: transmit a data subject rights request from an enterprise to an application for a digital consumer; receive a signal from the application for the digital consumer indicating the consumer opts into the subject rights request; create a private profile based on the signal from the application for the digital consumer; create a public profile from the application for the digital consumer; register the public profile with a data network for the enterprise; and set privacy preferences for the digital consumer based on settings from the application for the digital consumer.

In an embodiment of the present disclosure, a method of managing consumer privacy, comprising the steps of: opening a privacy rights management application; selecting an application from the privacy rights management application; loading a privacy preference from a privacy profile for the privacy rights management application; retrieving a data determined by the privacy preference associated from the application; storing the retrieved data in a private storage medium for the privacy rights management application; and transmitting a signal to the application to delete the retrieved data from the application.

In an embodiment of the present disclosure, a method where the private storage medium is a block of a private blockchain or distributed ledger.

In an embodiment of the present disclosure, a system for managing consumer privacy, comprising: a processor; and a memory operatively coupled to the processor, wherein the memory stores instructions that when executed by the processor cause the processor to: open a privacy rights management application; select an application from the privacy rights management application; load privacy preference from a privacy profile for the privacy rights management application; retrieve a data determined by the privacy preference associated from the application: store the retrieved data in a private storage medium for the privacy rights management application; and transmit a signal to the application to delete the retrieved data from the application.

In an embodiment of the present disclosure, a method for creating a private consumer profile, comprising the steps of: loading a pre-configured privacy profile defining the types of personal information a user desires for the private consumer profile; identifying a third-party application that stores the types of personal information the user desires for the private consumer profile; using the pre-configured privacy profile to generate data subject rights requests for the third-party application; transmitting the data subject rights requests to the third-party application requesting retrieval of the personal information and deletion of the personal information; and populating the private consumer profile with the personal information.

In an embodiment of the present disclosure, a method where the private consumer profile is stored on a block of a blockchain.

In an embodiment of the present disclosure, a system for managing consumer privacy, comprising: a processor; and a memory operatively coupled to the processor, wherein the memory stores instructions that when executed by the processor cause the processor to: load a pre-configured privacy profile defining the types of personal information a user desires for the private consumer profile; identify a third-party application that stores the types of personal information the user desires for the private consumer profile; use the pre-configured privacy profile to generate data subject rights requests for the third-party application; transmit the data subject rights requests to the third-party application requesting retrieval of the personal information and deletion of the personal information; and populate the private consumer profile with the personal information.

In an embodiment of the present disclosure, a method of obtaining query results from distributive sources comprising the steps of receiving a data query; parsing the data query into a plurality of ordered nested data queries; and transmitting a first of the ordered nested data queries to a plurality of storage mediums.

In an embodiment of the present disclosure, a method for obtaining query results from distributive sources comprising the steps of receiving from each of the plurality of storage mediums a signal whether data stored in the associated storage mediums matches the first of the ordered nested data queries; aggregating the plurality of storage mediums that returned the signal indicating an affirmative match with the first of the ordered nested data queries, creating a subset of the plurality of storage mediums; and outputting a query based on the subset of plurality of storage mediums.

In an embodiment of the present disclosure, a method where the plurality of storage mediums are blocks on a blockchain, the plurality of blocks on the blockchain associated with a plurality of consumer data vaults on a one-to-one basis.

In an embodiment of the present disclosure, a system for obtaining query results from distributive sources, comprising: a processor, and a memory operatively coupled to the processor, wherein the memory stores instructions that when executed by the processor cause the processor to: receive a data query; parse the data query into a plurality of ordered nested data queries; and transmit a first of the ordered nested data queries to a plurality of storage mediums.

In an embodiment of the present disclosure, a system where the memory stores further instructions to: receive from each of the plurality of storage mediums a signal whether data stored in the associated storage mediums matches the first of the ordered nested data queries. aggregate the plurality of storage mediums that returned the signal indicating an affirmative match with the first of the ordered nested data queries, creating a subset of the plurality of storage mediums; and output a query based on the subset of plurality of storage mediums.

In an embodiment of the present disclosure, a system that collects information from multiple parent nodes to a child node, the implementation of which can be expanded across multiple parent-child relationships. A mechanism by which the decentralization of information typically held at the parent nodes currently held in bits and pieces relating to the child node is collected back while in transit or by batch to create a complete and full profile of the child node digital engagement. The child node is typically associated with a digital user.

In an embodiment of the present disclosure, a node could stand alone or be a part of multiple nodes associated with a digital user engaged with multiple parent nodes to typically send information for the purpose of a digital transaction.

In an embodiment of the present disclosure, a system that creates consumer 360 through organic and inorganic means for a digital consumer by reversing the current dataflows for data storage as widely used by digital services by an enterprise, including a distributed ledger, comprised of a first plurality of blocks, wherein each of the first plurality of blocks represent a personal data vault for storing personal information data, a public blockchain, comprised of a second plurality of blocks, wherein each of the second plurality of blocks represents a public profile for each user, associating the user of each of the second plurality of blocks with the same user of the first plurality of blocks, a data trickle configured to obtain personal data associated with the user from an enterprise-side data service of the enterprise, for storage in the personal data vault, wherein the system is configured to delete the personal data associated with the user from the enterprise-side data service upon storage of the personal data in the personal data vault.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 depicts a system that can be used in implementations of the present disclosure.

FIGS. 2-5 depicts a consumer application that can be deployed on a client computing device according to a disclosure of the present invention.

FIGS. 6A-6B depicts an enterprise application that can be deployed on an enterprise computing device according to a disclosure of the present invention.

FIG. 7 depicts a decentralized consumer data ecosystem according to an implementation of the present disclosure.

FIG. 8 depicts a method for enterprise-enabled digital consumer data network registration according to an implementation of the present disclosure.

FIG. 9 depicts a method for privacy and consumer data management according to an implementation of the present disclosure.

FIG. 10 depicts a method for data aggregation and creation of a consumer data profile according to an implementation of the present disclosure.

FIG. 11 depicts a method for data synthesis exchange according to an implementation of the present disclosure.

FIG. 12 depicts a block system diagram for implementation of the claimed system according to an embodiment of the disclosure.

FIG. 13 depicts exemplary mechanisms by which enterprises generate Data Requests according to an embodiment of the disclosure.

FIG. 14 depicts a flow chart of an implementation of the public blockchain, wherein the identity management is reverse mapped to the identities of the enterprises holding consumer information according to an embodiment of the disclosure.

FIG. 15 depicts a flow chart of an implementation of the private blockchain, wherein the users' private consumer data is mapped to private data vaults, according to an embodiment of the disclosure.

FIG. 16 depicts an exemplary extensible implementation of the disclosed system according to an embodiment of the disclosure.

DETAILED DESCRIPTION

Non-limiting embodiments of the present disclosure will be further described by referring to the accompanying drawings. It should be understood that the embodiments illustrated in the drawings are for description of the invention only and shall not be construed as any limitation to the present disclosure. The scope of the invention would rather be defined by the appended claims.

It should be understood that the accompanying drawings are merely used to illustrate embodiments of the present disclosure and are not necessarily drawn to scale.

FIG. 1 depicts an example system 100 that can be used in implementations of the present disclosure. The example system 100 includes a plurality of client computing devices 102-110, each of the computing devices being associated with one of consumer users 120 a-120 e, respectively. Individual consumer users 120 a-120 e may be referred to as user 120 or consumer 120. User 120 may also be an entity, such as an enterprise, that may generate data about the characteristics of the entity. Client computing devices 102-106 (singularly referred to as client computing device 102 or portable device 102) may be implemented in the form of smartphones, tablets, smartwatches, IOT (Internet of things) endpoints including smart cars, smart fridges, smart meters or other portable handheld computing devices. Client computing devices 108-110 (singularly referred to as client computing device 108) may be implemented in the form of a desktop computer, laptop computer, or other similar devices. The system 100 also includes a network 114, and a computing system 112. The computing devices 102-110 and the computing system 112 can communicate with each other through the network 114. The computing system 112 can include one or more computing devices 116 (e.g., one or more servers) and one or more computer-readable storage devices 118 (e.g., one or more databases that could be local to the end point or another client node purely for the purpose of storage).

The system 100 may also include enterprise computing devices 130-132, each of the enterprise computer devices being associated with one of enterprise 140 a-140 b. Individual enterprises 140 a-140 b may be referred to as enterprise 140. Enterprise computing devices 130-132 may be implemented in the form of a smartphones, tablets, smartwatches, or other portable handheld computing devices, or a desktop computer, laptop computer, or other similar device. Client computing devices 102-110, computing system 112, and enterprise computing devices 130-132 may be connected to network 114 though LAN, Wi-Fi. DSL, fiber, broadband, or other wired or wireless connections, or combinations thereof. Client computing devices 102-110, computing devices 116, and enterprise computing devices 130-132 may each contain one or more memories for storing instructions for execution by a processor, and one or more processors for executing the instructions.

FIG. 2 depicts a consumer application 300 that can be deployed on a client computing device 102 according to a disclosure of the present invention. Consumer application 300 may be implemented as a super app, container, browser, browser plugin or by a service integration which can be used to provide controls or instructions to other applications on portable device 102. User 120 can access consumer application 300 through a signup 301 feature, which may require user 120 to provide personal information such as a phone number or email address, along with a password, to create a user profile. The user 120 may then access the consumer application through login 302. In the case of service integration, the integration with the ecosystem may happen through a hardware connectivity associated with the users.

FIGS. 3A-3B depict a consumer application 300 that can be deployed on a client computing device 102 according to a disclosure of the present invention. After logging into application 300, the application 300 will display a home screen for the application 300. The home screen may contain profile interface 304, home screen interface 306, monetization feedback interface 308, notifications interface 310, data providing applications 312, application interface 314, vault interface 316, leaderboard interface 318, profile interface 320, and money earned interface 322.

Profile interface 304 and profile interface 320 may provide access to a user profile display. The user profile display may display on application 300. The user profile display may contain a listing of the user personal information, such as the phone number or email address used to create a user profile, including the ability to change the same. The user profile display may also provide preference and setting for the application 300. The user profile display may also provide links to payment sources, such as a bank account, cryptocurrency account, or other sources of value for funding the queries that are run to get the required analytics or insights from the users that wish to share their information.

Home screen interface 306 may permit the user 120 of application 300 to return to the home screen display of application 300, as shown in FIG. 3A, from another display within the application 300, such as the profile display, the leaderboard display, and the user data vault display 328, as shown and described in FIG. 5 .

Monetization feedback interface 308 may provide visual feedback to users 120 of application 300 as to the amount of money earned by the user 120 through the usage of application 300. As shown by way of example in FIG. 3A, the $120 figure represents a total amount of money earned over a set period of time. The set period of time may be the current day, week, month, year, or other time interval as set by the application 300. The +1.00 figure represents an amount of money earned in a second time internal, typically shorter than the other period of time, such as the last 10 minutes or the last time the user 120 accessed application 300.

Notifications interface 310 provides a visual feedback to user 120 of application 300 of alerts or notices from the application 300. The alerts or notices may include feedback to user 120.

Exemplary data providing applications 312 are shown in FIGS. 3A-3B, which may include social network applications, such as Facebook®, Twitter®, and Snapchat®, media applications, such as YouTube® and Vine®, health applications, such as MyFitnessPal®, and financial applications, such as Bank of America®. The data providing applications 312 are not limited to the data providing applications shown in FIGS. 4A-4B or listed here. Data providing applications 312 may include any downloadable application that collects or uses personal information, such as personal/consumer information defined under GDPR. CCPA, PDP. POPI Act or other variations as defined by various states, countries or unions. Adding, removing, or otherwise modifying the data providing applications 312 may be achieved through the apps interface 314.

Vault interface 316 may provide access to the user data value display 328 as shown in FIG. 5 and discussed further below.

Leaderboard interface 318 may provide access to a leaderboard display on application 300. The leaderboard display may provide a listing of users 120 of application 300. The listing of other users 120 may be shown in rank order in the amount of money earned through usage of application 300. The leaderboard may also provide a filter of the other users to list only other users selected by a user 120 (such as a friend list), or by geographic region, or another filter.

Money earned interface 322 may provide a graphical depiction to users 120 of application 300 as to the amount of money earned by the user 120 through the usage of application 300. An exemplary money earned interface 322 is shown in FIG. 3B, providing visual feedback to users 120 of application 300 of the amount of money earned each month over a set number of months. Money earned interface 322 may provide other time-based visual feedback on money earned by the user 120 through the usage of application 300.

FIGS. 4A-4B depict a further feature of a consumer application 300 that can be deployed on a client computing device 102 according to a disclosure of the present invention. FIGS. 4A-413 depict an exemplary data providing application 312, and as shown is Facebook data providing application 324. If user 312 enable Facebook data providing application 324, user 120 may use data permission toggles 326 that may grant or deny permission by the user 120 to share personal data with the data providing application 312. Personal data may include any information that relates to an individual who can be directly or indirectly identified. Personal data may include data determined by law to be personal information, such as personal information defined by GDPR or CCPA. In addition, the data set may include the individual's behaviors, demographics, transactions, locations, preferences, and searches all of which may be defined by law under GDRP. CCPA, or similar laws in broad category as information related to an individual or an entity who use the digital application, but not a necessity for the purpose of this disclosure. FIGS. 4A-4B further include exemplary data permission toggles 326, such as orders, services, interested cities, cites checked in, pictures 13 tagged in, and location. Each data permission toggle 326 represent a data feed that capture information about user 120, so user 120 can tell which information user 120 wants to collect, which information user 120 want to share and user 120 decides not to share. Each data permission toggle 326 may correspond with a data field of personal information collected by a data providing application 312.

FIG. 5 depict a further feature of a consumer application 300 that can be deployed on a client computing device 102 according to a disclosure of the present invention. After selecting user 120 selects vault interface 316 may provide access to the user data value display 328, the user 120 may be able to select what categories of personal information the user 120 wants to share or get back with data providing applications 312. Exemplary categories of personal information are shown in FIG. 5 , such as “Entertainment”, which would relate to personal information about the entertainment preferences of user 120. Toggles may be provided under the categories of personal information. Exemplary toggles are shown in FIG. 5 , such as a toggle for the “Entertainment” category, and toggles for “movie wishlisted”, “movies watched”, and “TV Shows Watched.” By way of example, if user 120 turns of the toggle for “Movies Watched”, consumer application 300 will grant permission to share information collected from data providing applications 312 that indicate which movies user 120 has watched and share them with enterprises that query for personal information. User data value display 328 may also include an option to turn off and on all toggles in one category together or each toggle separately.

In an embodiment of the present disclosure where the user 120 utilizes client computing devices 108-110, such as a laptop or desktop computer, or an IOT device interacting with the application ecosystem through a API, user 120 may access consumer application 300 though a web browser or a plug-in for a web browser. Through the web browser or a plug-in for a web browser, user 120 may access the same functions as shown in consumer application 300.

FIGS. 6A-6B depict an enterprise application 400 that can be deployed on an enterprise computing device 130 according to a disclosure of the present invention. After logging into enterprise application 400, the enterprise application 400 will display a home screen for the enterprise application 400. The home screen may contain profile interface 404, home screen interface 306, notifications interface 410, available balance indicator 412, query interface 414, recent query interface 416, home screen interface 418, trending query interface 420, community interface 422, and profile interface 424.

Profile interface 404 and profile interface 424 may provide access to an enterprise profile display. The enterprise profile display may be shown on enterprise application 400. The enterprise profile display may contain a listing of the enterprise personal information, such as the phone number or email address used to create an enterprise profile, including the ability to change the same. The enterprise profile display may also provide preference and setting for the enterprise application 400. The enterprise profile display may also provide links to payment sources, such as a bank account or cryptocurrency account for funding the queries that are run to get the required analytics or insights from the individual users. This transfer of value could also be in terms of digital rewards or services that is deemed agreeable between the participants.

Home screen interface 406 and home screen interface 418 may permit the enterprise 140 of enterprise application 400 to return to the home screen display of enterprise application 400, as shown in FIG. 6A, from another display within the enterprise application 400, such as the profile display, the trending query display 430, and the community display.

Available balance indicator 412 shows how much funds are available for performing queries through enterprise application 400. Amounts may be deducted from the available balance after performing queries, as described below.

The enterprise 140 of enterprise application 400 may use the query interface 414 to generate queries of the characteristics of the users 120 or other business shared information of application 300. Enterprise 140 may input a query such as “Users who went to Inox Koramangala” into query interface 414 to initiate the process of generating a report on the users 120 who went to Inox Koramangala. A number of the most recent queries performed by enterprise 140 of enterprise application 400 may be shown in recent query interface 416. Enterprise application 400 may use system 1000, as shown in FIG. 12 and described below, to perform natural language processing on the queries inputted at query interface 414 to determine relevant fields for searching. Examples of relevant fields identified by the natural language processing on the inputted queries ae highlighted in recent query interface 416.

An enterprise 140 that selects trending query interface 420 may display trending query display 430, as shown in FIG. 6B. Trending query display 430 may provide query visual feedback 426, which may show an aggregation of queries made across a number of enterprises 140 over a set time period. For example, query visual feedback 426 may show the number of queries all enterprises 140 have requested over the past week, as broken out by day. Query visual feedback 426 may also show queries performed per year, per month, per day, and per hour. Query visual feedback 426 may also queries performed by enterprises 140 in a certain region, such as a country or a state. Trending query display 430 may also provide a trending query list 428, which shows queries that have significant interest from across all enterprises 140 using enterprise application 400 over a set time interval. Trending query list 428 may be used to determine current query trends across all enterprises 140 or over a certain type of enterprise 140.

An enterprise 140 that selects community interface 422 may display a community interface display. The community interface display provide a list of subsets of users 120 based on demographics of users 120.

In an embodiment of the present disclosure where the u enterprise 140 utilizes enterprise computing device 132, such as a laptop or desktop computer, enterprise 140 may access enterprise application 400 though a web browser or a plug-in for a web browser. Through the web browser or a plug-in for a web browser, enterprise 140 may access the same functions as shown in enterprise application 400. This interface could also be integrated with other software applications that specialize in query or analytics management through an API/service mechanism.

FIG. 7 depicts a decentralized consumer data ecosystem according to an implementation of the present disclosure.

After consumer 120 initiates the process as depicted in FIG. 3 at Start 500, the consumer engages the application 300 by creating a consumer profile 301. A consumer profile 301 may be created through user-provided user information by the consumer, such as the consumer's phone number or the consumer's email, with a password. The system 1000 creates a record of the consumer profile 301 based upon the consumer's inputted information, creating a security profile. The data for the consumer profile 502 is outputted as credentials to step 504. The outputted credentials are utilized to create a session to ensure that it is a valid session. Data for the consumer profile at step 502 may also be outputted to step 508, which may be used to create a profile for the user 120.

At step 504, user 120 logins into application 300 through user profile 301 at credential entry 302, selects the data providing applications 312 the user 120 wants to include in application 300 data privacy profile. User 120 may select the data providing application(s) 312 from a list of data providing application(s) 312 compatible with application 300. After selection of the data providing application(s) 312, those data providing application(s) 312 are now registered as a part of the application 300 portfolio.

At step 506, for each of the data providing applications 312 in the portfolio of application 300, the user 120 may configure which information the user 120 want to capture, and which information the user 120 wants to store in system 1000. The user may utilize the function of application 300 by adjusting data permission toggles 326 as shown and discussed in FIGS. 4A-4B. Adjusting data permission toggles 326 alter the application filters on either a field level, application level, industry domain level, or metadata level. Depending on the permissions and data collected by a data providing application 312, the user 120 may be able to adjust a course level or fine grain of security in the application 300 depending on what personal data the data providing applications 312 may collect and the data user 120 wants to share. Step 506 output is a security profile for user 120 being created and attached to the consumer profile for user 120 for use in step 512.

At step 508, an entity profile is created. An entity profile may be created from a consumer profile from a user 120 at step 502 or an organization profile from an enterprise 140 at step 536. The data for the entity profiles are then stored in a profile storage medium at step 524. The result of step 524 is the creation of a consumer data profile of the consumer profile 502 for a user 120 and an enterprise data profile from the organizational profile at step 532. The profile storage medium of step 524 may be any suitable data storage used as part of system 1000. An example of a suitable data storage for the profile storage medium may be implemented as a public blockchain such as Ethereum. In an embodiment of the present disclosure, a portion of the consumer data profile may be stored on a public blockchain, and in particular the portion of the consumer data profile concerning management of that consumer data to ensure immutability and consensus to enable identity and transaction management.

The consumer data profile of the consumer profile from a user 120 may be stored in a personal data vault at step 516. The enterprise data profile of the organizational profile from an enterprise 140 may be stored in an enterprise data vault at step 518. Each enterprise 140 may have its own enterprise data vault at step 518. The personal data vault and the enterprise data value may each be stored in a suitable data storage medium either local or over a network, attached to a private blockchain or distributed ledger, accessible by the user 120 and the enterprise 140, respectively. An example of a suitable private blockchain or distributed ledger may be the use of a distributed ledger from AWS called QLDB or broader footprint using IBM-Hyperledger, R3-Corda or Enigma blockchains.

At step 510, the user profile 301 for application 300 may be associated with a bank account, cryptocurrency account, or other financial account or device. The linking may be accomplished through data inputted by the user 120 during the creation of user profile 301. Additionally, at step 510, the organization profile from an enterprise 140 may be associated with a bank account, cryptocurrency account, or other financial account or device. The linking may be accomplished through data inputted by the enterprise 140 during the creation of enterprise profile 401.

At step 512, selected personal data, as determined by data permission toggles 326 in data providing application 312, will begin trickling through system 1000. The selected personal data may be sent to a portion of system 1000 that contains metadata storage device at step 526. The data being sent through data trickle at step 512 is determined in part by the data providing applications 312, which may be nearly a complete set of data as provided by the data providing application 312. For the example of Facebook as the data providing application 312, all of the data feeds from Facebook that are exposed by the data providing application 312, such as through an API or in through a flat file made available through a web form, email or other that are generally made available through a public API, private API provisioned through a technology/business partnership or exposed as DSR requests, include approximately 180 unique data feeds (subject to change at Facebook's direction), represent the potentially collectable data from data providing application 312.

At step 526, the selected personal data from the data trickle at step 512 is filtered for the metadata that determines the type of personal data the data trickle is providing, and then the metadata of the personal data is then mapped to predetermined metadata fields as determined in the metadata store at step 526. For example, the metadata is filtered to determine if the metadata personal data is a location or a city, or that it is media information. When a metadata of the personal data is matched with a corresponding metadata field at step 526, the personal data is then populated into the personal data vault at step 516, which includes the use of a storage medium for storing the personal data associated with the filtered metadata. The metadata of the personal data is mapped to metadata fields by having a structure identifying how specific type of personal data is structured, such as how a location data looks, how demographic data looks, how something else looks. The metadata may be mapped by utilizing 16+ different superstructures that identify what those data structures actually look like. System 1000 may take the raw data received from the data trickle, map the data to the particular structure and stored as relevant consumer data.

At step 516, the personal data vault of system 1000 is provided with the data filtered against the metadata store at step 526. Each consumer profile may have its own personal data value at step 516. The personal data vault may be implemented on any suitable storage device, such as a local hard drive of user 120, a storage medium on the client computing device 102-110, a user-designated cloud storage device, an on-premises storage device or a cloud-based storage device provided by system 1000.

Personal data vaults may have instances of consumer take or enterprise take for access over a network.

At step 536, enterprise 140 may create an organizational profile 401 for the enterprise 140 using enterprise application 400. An organizational profile 401 may be created through enterprise-provided enterprise information by the enterprise, such as the enterprise's phone number or the enterprise's email, with a password. The system 1000 creates a record of the organizational profile 401 based upon the enterprise's inputted information, creating a security profile. The data for the organizational profile 401 is outputted as credentials to step 532. The outputted credentials are utilized to create a session to ensure that it is a valid session. Data for the organizational profile 401 at step 536 may also be outputted to step 508, which may be used to create a profile for the enterprise 140.

At step 538, an enterprise 140 using enterprise using enterprise application 400 makes an analytics query. The analytics query is used by the enterprise 140 to obtain information on users 120 that meet the criteria of the inputted query. Examples of inputs for the analytics query at step 538 include characteristics of users, such as location, gender, age, and interests. The analytics query generated at step 538 is outputted to query management at step 514. The analytics query at step 538 may be sent to step 514 and step 520 through homomorphic encryption or other suitable encryption. Further examples of an analytics query at step 514 are described below in FIG. 11 .

The value realization could at a minimum be in the form of digital rewards like a car service from an automotive manufacturer, a decrease in interest rate from a mortgage company to actual transfer of cash/crypto currency between the participants. In the case of the prior, it is defined by a participation level mapped to the digital reward tiers by the organization as to one time or a long-term relationship. On the later it will be based on the supply and demand, number of participants, quality of data among others.

At step 520, the system 1000 performs a data snap process for determining the personal data vaults from step 516 that meet the criteria generated by the query management at step 514. The system at step 520 will take the nested queries generated at step 514 and return a subset of “1s” representing the count of personal data vaults that meet the criteria for the first nested query. The process will repeat for each of the nested queries until all nested queries are completed, return a subset of “1s” representing the total count of the personal data vaults or profiles represented by the data vaults that meet the criteria for each subsequent nested query. The system 1000 will aggregate all of the “1s” at step 520.

The results of the data snap process are outputted to step 522 to generate an analytics report and to step 528 to generate a secret contract. The analytics report at step 522 provides a count of the number of users 120 that meet the criteria for analytics query generated at step 528. Depending on the number of unique sub-queries generated by the query management at step 514, the analytics report may provide a multidimensional report on the number of users 120 that meet each of the unique sub-queries. The analytics report/data set generated at step 522 may be stored in the enterprise profile at step 524 of the enterprise that generated the analytics query for the report.

At step 528, the secret/smart contract establishes a transaction endpoint between an enterprise 140 that makes an analytics query from step 538, and the users 120 of the personal data vault(s) 516 that are participating in providing that information and house that information. The value of the query will be deducted from the account associated with the enterprise 140 and added to accounts associated with users 120. The enterprise will take the payment total for the analytics query from step 538 and divide the payment total between the identities of the users 120 that are returned by the query at step 530. By way of example, if enterprise pays $1,000 for an analytics query and a thousand personal data vaults are providing that data, then $1 may be distributed for each of the users 120 that are returned by the query at step 530. Through this process, the identities of user 120 are maintained anonymously to the enterprise 140, while still permitting the exchange of information and financial payments between the enterprise 140 and users 120.

At step 540, enterprise 140 can monetize its created analytics reports from step 522 stored in the profile at step 524 associated with the enterprise 140. For example, if enterprise 140 has entered an analytics query at step 538, generating an analytics report at step 522, enterprise 140 has already received the analytics report in exchange for payment given through the secret contract at step 528. Enterprise 140 can configure its previously generated analytics reports at step 534 for sharing with other enterprises for certain payment. The previously generated analytics reports or the holistic dataset of other enterprises may not be shared in an embodiment. The other enterprises may define their query based on metadata elements of the data that is being made available either through an individual or an enterprises dataset which is used to source from the appropriate source. The previously generated analytics reports may be published holistically for other enterprises to purchase.

When the disclosure is implemented in a manner as shown and described in FIG. 7 , the system ensures that enterprise 140 cannot access the raw data of the user 120 as stored in the private blockchain personal data vault 516. Instead, enterprise 140, through an analytics query 538, can only access anonymized data as aggregated through query management 514. This ensures the privacy of the data shared by user 120 and permits the user 120 to control which personal information, if any, is shared with enterprises 140.

In particular the user 120 selects the privacy controls and data aggregation into the user 120 configuration. By way of example, user 120 may enter application 300 add Facebook, Google, Twitter, or similar data providing applications 312 into the portfolio,

FIG. 8 depicts a method for enterprise-enabled digital consumer data network registration according to an implementation of the present disclosure. After start 600 enterprise 626 may send a request for a data subject request (DSR) opt-in at Step 602. A data subject request (DSR) is a request from a data subject to a data controller asking for modification of personal data held by a third party. The DSR is sent to digital consumer 630 to opt into the DSR at step 604. Digital consumer 630 may be user 120. After the digital consumer 630 accepts the DSR, at step 606 the digital consumer 630 installs an app or plugin as appropriate to the digital consumer's device.

After the application or plug-in is installed, the method continues to step 608, where digital consumer 630 creates a unique privacy profile on the app or plugin. The unique privacy profile may include personally-identifiable information of digital consumer 630 that will permit the unique privacy profile to be associated with the digital consumer 630. The personally-identifiable information of digital consumer 630 is then passed to step 610 of data network system 628 to store the personally-identifiable information of digital consumer 630 as associated with the digital consumer to create a private profile of the digital consumer 630. The digital consumer private profile is created on a storage medium that is accessible as directed by the digital consumer. Synthesized data associated with the private profile of the digital consumer 630 is created and sent to a publicly-accessible storage medium, creating a digital consumer public profile at step 612. The anonymized digital consumer public profile is then passed back to enterprise 626 at step 614.

The personally-identifiable information of digital consumer 630 from step 608 is also passed to step 616, where the digital consumer registers one or more mobile applications, web-based applications and Kur devices that require privacy management with the digital consumer's unique privacy profile. At step 618, the digital consumer enables the privacy preferences for one or more of the mobile applications, web-based applications and OT devices added in step 616. The digital consumer 630 can either implement privacy preferences for individual mobile applications, web-based applications and IOT devices, or collectively through a standard templatized setting for privacy profiles for the digital consumer's unique privacy profile.

The method continues at step 622, where the digital consumer 630 creates a personal data vault at the location of the choosing of the digital consumer 630. The digital consumer may choose a local, on-premise storage location, a private cloud-based storage location, or at a location provided by data network system 628. The choice of storage location is provided to step 624, where the personal data vault location and access information is added to the unique privacy profile of digital consumer 630. The information from step 618, step 622, and step 624 are then passed to step 620, where the unique privacy profile of the digital consumer 630 is defined. This unique privacy profile is stored at the digital consumer's unique privacy profile.

FIG. 9 depicts a method for privacy and consumer data management according to an implementation of the present disclosure. After start 700, digital consumer 736 logins into application 300 to connect to a data providing application(s) 312 at step 702. Digital consumer 736 then continues to step 704 where the digital consumer 736 opens a desired data providing application 312. At step 706, the digital consumer 736 loads the chosen data providing application 312 and the digital consumer private profile stored from step 708 in data network system 734.

At step 710, digital consumer 736 sends a signal to the enterprise 732 application through application 300 using the privacy paraments retrieved in step 708. The opening of the enterprise 732 application is then achieved in step 712 which initiates a session for the digital consumer 732 digital engagement. At step 714, the consumer application 300 may act as a firewall to restrict access to unsupported privacy parameters. The consumer data that flows through the consumer application may be checked against permitted fields that the consumer application 300 has toggled on or off to permit or deny access to such data. Enterprise 732 application may then request for insights into the personal information of the digital consumer 736 through the application 300 at step 716. If the requested personal information of the digital consumer 736 is approved at step 718 based on the privacy parameters loaded from step 708, then the requested personal information may then be transmitted to the enterprise 732 application back at step 716. At step 720, if the requested personal information is restricted based on the privacy parameters loaded from step 708, then the denial is transmitted back to the digital consumer 736 through application 30) at step 722 to have the application 300 obtain a copy of the historical information and real time information from enterprise 732 concerning digital consumer 736.

The personal information of the digital consumer 736 that can be restricted as determined from step 720 is then identified at step 724, when then initiates a DSR to delete a copy of the personal information of the digital consumer 736 that can be restricted. The identified data from step 724 is passed on to step 726, where the personal data vault of the digital consumer 736 is updated with information from the requested personal information of digital consumer 736. A suitable personal data vault may be the personal data vault as described at step 516 of FIG. 8 . At step 728, enterprise 732 receives the DSR from the application 300 through a DSR gateway of the enterprise 732 application, which is the portion of enterprise 732 application configured to receive DSRs. At step 730, enterprise 732 removes the requested personal information as restricted at step 720 from the enterprise 732 application.

FIG. 10 depicts a method for data aggregation and creation of a consumer data profile insights according to an implementation of the present disclosure. After starting the method at step 800, the digital consumer 824 engages with a data providing application(s) 312 through the application 300 at step 802. The digital consumer 824 may be user 120 using a client computing device 102. The digital consumer loads privacy preferences from step 804 in data network system 822. The privacy preferences from step 804 are also sent as data subject and privacy preferences at step 806, which are in turn passed back to the digital consumer 824 through application 300 at step 808 for data filtering, aggregation and DSR management.

At step 808, the digital consumer 824 decides the personally-identifiable information the digital consumer 824 desires to share from the one or more data providing application(s) 312. These preferences on which personally-identifiable information the digital consumer 824 desires to share is passed to the data privacy management of data network system 822 at step 810. The data privacy management of data network system 822 will send a DSR at steps 812 a-812 n to seek information from applications at steps 814 a-814 n based upon the data privacy management settings from step 810. Applications at steps 814 a-814 n may include enterprises (I to n) 820, which may be data providing application(s) 312. The applications at steps 814 a-814 n will send the requested information through a service and data exchange back through the application 300 of the digital consumer at step 808 and then through the data privacy management at step 810, and then application data for each one of application or service at steps 816 a-816 n as corresponding to applications and services from steps 814 a-814 n. The consumer information data retrieved at steps 816 a-816 n is then passed to the digital consumer data vault at step 818. The digital consumer data vault at step 818 may be referred to as a “consumer 360” as it provides a complete profile of the digital consumer, as it can integrate information across different types of applications and services, such as those from steps 814 a-814 n.

FIG. 11 depicts a method for data synthesis exchange according to an implementation of the present disclosure. After starting the method at step 900, an enterprise 916 may create a new data query at step 902. A new data query may be created by enterprise 140 using enterprise computing device 130 creates a new data query using enterprise application 400 at step 902. By way of example, a new data query may be combination of a number of characteristics of users 120, such as “women over the age of 65 that watch Game of Thrones.” The new data query of step 902 is sent to the query engine of data network system 918 at step 903. The query engine of data network system 918 may be implemented using system 1000. The query engine of data network system 918 may be configured to call and touchpoint and read data from a multiplicity of data vaults, rather than a centralized data vault. At step 904, the query engine of data network system 918 may parse the new data query into a nested query, a series of sub-queries that make up the larger query.

Using the above example, the new data query of “women over the age of 65 in California that watch Game of Thrones” may be parsed into sub-queries “users that watch Game of Thrones”, “users that live in California”, “users that are over the age of 65” and “users that are women.”

The parsed query will then be passed to iterative query 1 of step 906 a of data network system 918. The iterative query 1 at step 906 a is outputted to a multiplicity of consumer data vaults 1 through n at steps 908 a-908 n of digital consumer (1 . . . n) 920. Consumer data vaults 1 through n may be implemented as personal data vaults 516, as described above. Digital consumers (1 . . . n) 920 may be composed of a multiplicity of users 120 using application 300 on client computing devices 102. Each of the consumer data vaults 1 through n at steps 908 a-908 n will return an indication that the consumer data of a consumer data vault meets the iterative query 1 at step 910. The method will repeat for steps 906 b-n, returning subsets of consumer data vaults that meet each iterative query 2 through n. At step 912, after completing the iterative query n at step 906 n, data network system 918 will return the final query results that aggregate the users 120 that meet the new data query. Data network system 918 will return the query results to the enterprise 916 at step 914, indicating which user(s) 120 meet the new data query. The query results at step 914 may be grouped by category.

In the above example, iterative query 1 may be “users that watch Game of Thrones.” This iterative query is sent as a binary inquiry to all of the available consumer data vaults at steps 908 a-n, inquiring whether each user 120 meets the iterative query 1. The consumer data vaults that indicate a record with a match to iterative query 1 will return a “1” while the consumer data vaults that do not indicate a record with a match to iterative query 1 will return a “0”. At step 910, the data network system 918 will compile all of the consumer data vaults that return a “1” as a list of the subset of all consumer data vaults. The data network system 918 will then proceed to process iterative query 2 at step 906 b, which in this example may be “users that live in California.” The data network system 918 will then query the subset of consumer data vaults at steps 908 a-n that returned a positive response from iterative query 1. At step 910, the data network system 918 will compile all of the subset of consumer data vaults that return a “I” as a list of the smaller subset of all consumer data vaults. Data network system 918 will then continue to process iterative quires 906 c-n in a similar manner until all quires have been completed. In this example, the system will subsequently query “users that are over the age of 65” and “users that are women.” The query results will return those “1”s that meet all of the criteria of the parsed query.

The process as illustrated in FIG. 11 demonstrates an example of distributive querying as contemplated by the system 1000. The ability of system 1000 to search using the search capabilities of each personal data vault of each user 120 permits increased efficiency in returning queries as initiated by an enterprise 140.

FIG. 12 depicts a block system diagram for implementation of the disclosed system 1000. As shown in FIG. 12 , Digital Service Providers 1002 include enterprises that provide digital functionality to their customers/consumers. Examples of Digital Service Providers 1002 include Google®, Facebook®, and Bank of America®. Digital Service Providers 1002 may be an enterprise 140 that may create an organizational profile 401 for the enterprise 140 using enterprise application 400 through an enterprise application.

Digital Service Providers 1002 may provide and receive information via Network 1004. An example of Network 1004 may be implemented through Network 114. Data suitable for entry on the Public Blockchain 1006 is passed from the Digital Service Providers 1002 to the Public Blockchain 1006 via Network 1004. Public Blockchain 1006 may be configured as described with regard to FIG. 15 below. Public Blockchain 1006 may communicate with a Data Network System 1014 via a Data Gateway 1008. Data Gateway may include Services Layer Functions Create Entity Profiles 508, Crypto/Block Account 510, Data Trickle 512, and Query Management 514. Data Gateway 1008 after identification and valuation is issued from public blockchain, use may also communicate with Super App/Container 1010. Super App/Container 1010 may be implemented as consumer application 300. The Super App/Container 1010 may be comprised of a plurality of Mini Apps 1012, which in turn correspond to an enterprise 140. Mini Apps 1012 may be implemented as data providing applications 312.

Data Network System 1014 may also communicate with Analytics and Data Science 1016, which may be implemented as Query Management 514 and generate Analytics Report 522. Data Network System 1014 may also communicate with Compliance Management 1018. Compliance Management 1018 may be configured to ensure compliance with privacy laws, such as GDPR, CCPA, PDP, and the POPI Act that are being enacted to protect consumers digital rights especially in terms of data ownership, consent, right to know the use of data and the right to be forgotten among other things. Data Network System 1014 may also communicate with Consent Management 1020. Consent Management 1020 may manage on an individual user 140 basis the permissions and accesses a Digital Service Provider 1002 has to the data of user 140 to seek, document and share the approval details of the use of said information like sharing of purchases, storing of location information, etc. both for internal use and external sharing by said enterprises. Data Network may further communicate with Private Blockchain 1022, which may be implemented as described with respect to FIG. 1S. Private Blockchain 1022 may host Data Vault 1024 which may be comprised of Personal Data Vault 516 and Enterprise Data Vault 518.

FIG. 13 depicts exemplary mechanisms by which enterprises may expose the data of the consumer stored by them to the consumers request to get a copy of their data back using a Data Request as per referenced in FIG. 5A on the top right showing the data subject request. Data Requests refers to the multiple mechanisms by which system 1100 can obtain information from the enterprises. The identification of the Data Requests are exemplary and not limiting. Digital Service Providers 1102 may provide and receive information via Network 1204. Network 1204 may in turn provide data requests API Gateway 1206, Native Integration 1208, Web Forms 1110, and Email Requests 1112 to Data Gateway 1114.

API Gateway 1206 may be implemented as an API (Application programming interface) gateway, which may be used to make and receive API calls from the digital service providers' API gateway. Native Integration 1108 may provide implemented as the integration of the filtering, data ingestion and data aggregation protocol's within the Customer enterprise's digital footprint either at a software or a hardware level. Native Integration 1108 may also include integration of IOT devices, inclusion within mobile applications, websites, and the like.

Web forms 1110 and Email requests 1112 may be implemented as web form or email, respectively, in order to obtain a copy of the user's data. These implementations may be used by enterprises to comply with current privacy laws such as GDPR and CCPA.

FIG. 14 depicts a flow chart depicts the implementation of a public blockchain, as shown for example in FIG. 7 , according to an embodiment of the present disclosure. The public blockchain may be constructed wherein the identity management reverse mapped to the identities of the enterprises holding consumer information. Digital Service Providers 1202 a-1202 n may each correspond to an instance of a UserID (labeled UserID1-n, respectively). The UserID corresponds to User Information for a particular user associated with the UserID, each of the UserIDs associated with a particular enterprise 140. The network 1204, which may be implemented as network 1004, communicates using Digital Profiles Handles 1208 a-n, after ensuring the authentication, authorization, and accounting mechanism at block 1206. The authentication at block 1206 may authenticate the data associated with a Digital Service Provider 1202. The authorization at block 1206 may check the permissions from the consumer to obtain the data from the Digital Service Provider 1202. The accounting at block 1206 maintains a ledger of all interactions between Digital Service Providers 1202 a-1202 n and system 1200, which are in turn used to create a security profile management for the user 120 associated with a UserID.

At 1208 a-n, Digital Profile Handles for each of the associated with the UserIDs for each of the digital service providers 1202 a-n may be created. Each of the Digital Profile Handles 1208 a-n contain an Authorization ID (“Auth ID”)1-n, corresponding to the Digital Profile Handle 1208 a-n. The Auth ID may be provided by the digital service providers to provide authorization to take information from the digital service provider.

Super Profiles 1210 a-n may in turn be generated, each corresponding to a specific user 120. Super Profile 1210 a may contain a SuperID, an Authentication Handle, and a Date Stamp. The Super Profile 1210 a components, which may include an Authentication Handle and a Date Stamp, are used to maintain the identification of a user 120. Data associated with a Super Profile 1210 a are then in turn stored with specific nodes of a public blockchain 1212 in blocks 1212 a-n.

Public blockchain 1212 may comprised of a plurality of nodes 1212 a-n (referred to singularly as 1212 a). Each node 1212 a may be a computing system that is configured to perform functions related to the processing and management of the blockchain, including the generation of blockchain data values, verification of proposed blockchain transactions, verification of digital signatures, generation of new blocks, validation of new blocks, and maintenance of a copy of the blockchain. The blockchain may be a distributed ledger that is comprised of at least a plurality of blocks. Each block may include at least a block ID and one or more data values. Each block ID may include at least a timestamp, a block reference value, and a data reference value. The timestamp may be a time at which the block ID was generated and may be represented using any suitable method (e.g., UNIX timestamp, DateTime, etc.). The block reference value may be a value that references an earlier block (e.g., based on timestamp) in the blockchain. In some embodiments, a block reference value in a block header may be a reference to the block ID of the most recently added block prior to the respective block. The data reference value may similarly be a reference to the one or more data values stored in the block that includes the block header.

Each blockchain data value may correspond to a blockchain transaction. A blockchain transaction may consist of at least: a digital signature of the sender of data that is generated using the sender's private key, a blockchain address of the recipient of the data generated using the recipient's public key, and a blockchain data that is transferred. In some blockchain transactions, the transaction may also include one or more blockchain addresses of the sender where blockchain data is currently stored (e.g., where the digital signature proves their access to such data), as well as an address generated using the sender's public key for any change that is to be retained by the sender. In some cases, a blockchain transaction may also include the sender's public key, for use by any entity in validating the transaction. For the processing of a blockchain transaction, such data may be provided to a node 1212 a in the public blockchain 1212, either by the client via a computing device 102-110 or by an enterprise by the computing devices 116. The node 1212 a may verify the digital signature and the sender's access to the data, and then include the blockchain transaction in a new block. The new block may be validated by other nodes in the public blockchain 1212 before being added to the blockchain and distributed to all of the nodes in the public blockchain 1212.

FIG. 15 depicts a flow chart of an implementation of the private blockchain 1400, wherein the users' private consumer data is mapped to private data vaults, according to an embodiment of the disclosure. The private blockchain 1400 as shown and described in FIG. 7 may be implemented as shown in FIG. 15 .

Data for private blockchain 1400 may originate as a data trickle 1402 as being sent data trickle at step from the data providing applications 312. Each user 120 of the private blockchain 1400 may have a SuperID and data trickles 1402 a-n associated with a specific user 120. The individual data trickles 1402 a-n are in turn associate with the data originating from the digital service providers 1202 a-n.

The personal data associated with a personal set of data trickles 1402 a is in turn used to create a hash table, which may consist of a SuperID and a table of data hashes_T1 through Tn as shown in block 1404 a. The data hashes_T1 through Tn may be created through appropriate encryption methods to ensure privacy of the personal data is maintained. The data associated with the hash table generated as blocks 1404 a-n are in turn stored in a corresponding consumer data storage vault 1406 a-n. Consumer data storage vault 1406 a-n may be implemented as Personal Data Vault 516, whereby the metadata of the consumer data is separated from the consumer data stored in the consumer data storage vault 1406 a-n to ensure a digital service provider cannot access the user data stored in the consumer data storage vault 1406 a-n.

FIG. 16 depicts an exemplary implementation of the disclosed system according to an embodiment of the disclosure. In particular, FIG. 16 depicts the disclosed system from FIG. 13 as an extensible system, where the disclosed platform can be implemented in multiple different configurations. As shown in FIG. 16 , the system 1300 includes digital service providers 1002 and network 1004, as described above for FIG. 13 . The extensible system 1300 may include a private instance 1306, a public instance 1308, and a hybrid instance 1310.

Private instance 1306 may be adopted as a walled garden for enterprises, nations, and unions wherein the data is contained within the control of the enterprise, nation, or union logically or physically as required.

Public instance 1308 may be adopted as a global instance wherein any potential users of the extensible system 1300 can participate in a data economy irrespective of the user or enterprise's actual presence or the origin of the service.

Hybrid instance 1310 may be adopted where, for example, the requirements of the local governments are met in creating a walled garden but the access to the insights is across geopolitical boundaries.

System 1300 may contain one or more of private instance 1306, public instance 1308, and hybrid instance 1310. Regardless of the number of private instances 1306, public instances 1308, or hybrid instances 1310 in system 300, analytics from private instance 1306, a public instance 1308, or hybrid instance 1310, as described in Analytics and Data Science 1016, may be shared between instances.

Having described the preferred embodiments of the invention, it is understood that the invention defined by the appended claims is not to be limited by particular details set forth in the above description, as many apparent variations thereof are possible without departing from the spirit or scope thereof. 

I claim:
 1. A system for protecting personal information data comprising: a distributed ledger, comprised of a first plurality of blocks, wherein each of the first plurality of blocks represent a personal data vault for storing personal information data; a public blockchain, comprised of a second plurality of blocks, wherein each of the second plurality of blocks represents a public profile for each user, associating the user of each of the second plurality of blocks with the same user of the first plurality of blocks; and a metadata filtering device, configured to match personal information data from an inputted data stream of personal information data with prestored metadata fields, and producing personal information data tagged with an associated metadata tags.
 2. The system of claim 3, wherein the distributed leger is implemented as a private blockchain.
 3. The system of claim 3, wherein a block from the first plurality of blocks associated with a user of the distributed ledger is further configured to store personal information data for each user as filtered by the metadata tags and the associated metadata tags.
 4. The system of claim 3, wherein the system restricts access to the personal information data stored in the personal data vault to the user associated with the personal data vault.
 5. A method of an enterprise enabling a digital consumer data network registration, comprising the steps of: transmitting a data subject rights request from an enterprise to an application for a digital consumer; receiving a signal from the application for the digital consumer indicating the consumer opts into the subject rights request; creating a private profile based on the signal from the application for the digital consumer; creating a public profile from the application for the digital consumer; registering the public profile with a data network for the enterprise; and setting privacy preferences for the digital consumer based on settings from the application for the digital consumer.
 6. The method of claim 5, wherein the private profile is a block on a private blockchain or distributed ledger.
 7. The method of claim 5, wherein the public profile is a block on a public blockchain.
 8. A method of managing consumer privacy, comprising the steps of: opening a privacy rights management application; selecting an application from the privacy rights management application; loading a privacy preference from a privacy profile for the privacy rights management application; retrieving a data determined by the privacy preference associated from the application; storing the retrieved data in a block of a private blockchain or distributed ledger for the privacy rights management application; and transmitting a signal to the application to delete the retrieved data from the application. 